this post was submitted on 15 Apr 2024
53 points (89.6% liked)
Lemmy
12535 readers
3 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
how exactly would you propose that instance-agnostic links like this work? How should it behave, and how would you overcome the centralization, privacy, security, etc. concerns that it raises?
Because I can see a lot of different answers here and each have some unique challenges. But I agree, it is annoying to work around.
On android, there is this: https://android.izzysoft.de/repo/apk/dev.zwander.lemmyredirect
Which solves it from the client side
UUIDs?
Sure, UUIDs are a useful tool. What of it? If I put a UUID in a comment, it isn't a link. This doesn't answer my question or solve the problem. The link has to go somewhere on the web, or use a custom protocol specifier and be handled by a client application or something installed on the user's machine. If you go the client app route, many/maybe even most people use lemmy in a browser at least some of the time, and this will never get the full adoption required to make it standard. If you go the web link route, then you have concerns like "who owns the domain/service that does the redirecting" (ie matrix.to), can they be trusted, how can they automatically tell which instance to send users to without privacy concerns?
If you're proposing overhauling the whole architecture of lemmy to use consistent UUID-based IDs for comments, posts, etc. across all instances, that could probably work but there are some edge cases especially with malicious actors, and it would be a huge undertaking.
A better idea, IMO, is to let client apps/frontends handle the translation, so that regardless of what instance the comment is linked on, it is translated to the correct local link for local users (unless the instances aren't federated), since there's already the fedilink button to then see the post on the original user's instance, but there are probably edge cases and performance issues I'm not thinking of/privy to, and its still a non-trivial fix, which is why it hasn't happened yet. I'm sure the devs would welcome such a change if a PR were submitted with the kinks worked out, but it isn't on their current priorities list afaik
That was what I was suggesting yeah, version 3-5 look like it could work, you could use the originating server as the name-space, and a local server generated ID for the name. As long as they only use information sent elsewhere the hashes should be reproducible, so you can check that a server is only using it's own name to send new comments/posts, which should protect against the obvious attacks.
The more I think about it I'm not sure you would even need to use an official UUID system actually, just make something like - as the unique ID?
I agree it would be a big change to make though, especially dealing with all the existing posts.